Monday, 12 March 2012

Exploit.JS.Pdfka.cil


Technical Details

This exploit program downloads other malicious programs via the Internet and launches them for execution on the victim machine without the user's knowledge or consent. It is a PDF file containing JavaScript. It is 6378 bytes in size.

Payload

During activation, the exploit uses a vulnerability in the "util.printf()" function of Adobe Acrobat/Reader in the processing of strings sent as arguments (CVE-2008-2992), and downloads a file from the URL shown below:
http://91.***.230/aid=10000&sid=0&name=PDFUtilPrintf
At the time of writing, the downloaded file was 2048 bytes in size and detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Tiny.cng.
When the file has been downloaded, it is saved to the following path:
%System%\a.exe
It is then launched for execution and the exploit program ceases running.
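
A static triage check for the pattern described above (a PDF carrying JavaScript that calls util.printf), added here as an example and not part of the original description. The function names and the constructed sample document are assumptions for illustration; only plain and Flate-compressed streams with unescaped name keys are handled.

```python
import re
import zlib

# Plain (unescaped) name keys that mark embedded JavaScript, and the call named above.
JS_KEYS = (b"/JavaScript", b"/JS")
PRINTF_CALL = re.compile(rb"util\s*\.\s*printf\s*\(")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decoded_views(pdf_bytes):
    """Yield the non-stream bytes, then each stream body (inflated when possible)."""
    yield STREAM.sub(b"", pdf_bytes)
    for match in STREAM.finditer(pdf_bytes):
        body = match.group(1)
        try:
            # decompressobj tolerates a body clipped by the end-of-line match
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # not zlib data: scan the bytes as stored


def triage(pdf_bytes):
    """Return findings for one PDF given as bytes."""
    has_js = any(key in pdf_bytes for key in JS_KEYS)
    calls = sum(len(PRINTF_CALL.findall(v)) for v in decoded_views(pdf_bytes))
    return {"javascript": has_js, "util_printf_calls": calls,
            "suspicious": has_js and calls > 0}


def build_sample(script, compress=True):
    """Constructed minimal PDF-like bytes carrying `script` in one stream."""
    body = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + filt + b"/Length " + str(len(body)).encode() +
            b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    sample = build_sample(b'util.printf("%d", 1);')  # benign constructed call
    print(triage(sample))
```

A hit means the file deserves closer analysis, not that it is this exploit: legitimate documents may also call util.printf.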

Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
  1. Delete the original exploit file (its location will depend on how the program originally penetrated the infected computer).
  2. Delete the following file:
    %System%\a.exe
  3. Empty the following directory (see How to delete infected files from Temporary Internet Files folder?):
    %Temporary Internet Files%
